showmap debug options
This commit is contained in:
parent
99bd30c233
commit
64dfd6a642
@ -20,3 +20,4 @@ ron = "0.7" # write serialized data - including hashmaps
hashbrown = { version = "0.11", features = ["serde", "ahash-compile-time-rng"], default-features=false } # A faster hashmap, nostd compatible
nix = "0.23.0"
goblin = "0.4.2"
either = "1.6.1"
@ -17,16 +17,19 @@ use libafl::{
rands::StdRand,
tuples::{tuple_list},
},
corpus::{InMemoryCorpus,QueueCorpusScheduler},
corpus::{Corpus,InMemoryCorpus,QueueCorpusScheduler},
executors::{ExitKind},
fuzzer::{StdFuzzer},
inputs::{Input,BytesInput, HasTargetBytes},
observers::{VariableMapObserver},
state::{StdState},
state::{HasCorpus,StdState},
Error,
Evaluator,
stats::SimpleStats,
events::SimpleEventManager,
stages::StdMutationalStage,
mutators::BitFlipMutator,
Fuzzer,
};
use libafl_qemu::{
edges,
@ -39,6 +42,7 @@ use libafl_qemu::{
QemuExecutor,
};
use either::{Either,Left,Right};
/// The fuzzer main
pub fn main() {
@ -95,6 +99,11 @@ pub fn main() {
.required(true)
.takes_value(true),
)
.arg(
Arg::new("single")
.long("libafl-single")
.takes_value(true)
)
.try_get_matches_from(filter_qemu_args())
{
Ok(res) => res,
@ -128,11 +137,17 @@ pub fn main() {
worstcases.push("worstcase");
out_dir.push("queue");
let in_dir = PathBuf::from(res.value_of("in").unwrap().to_string());
if !in_dir.is_dir() {
println!("In dir at {:?} is not a valid directory!", &in_dir);
return;
}
let seed = match res.value_of("single") {
Some(s) => Left(s.to_string()),
None => {
let in_dir = PathBuf::from(res.value_of("in").unwrap().to_string());
if !in_dir.is_dir() {
println!("In dir at {:?} is not a valid directory!", &in_dir);
return;
}
Right(in_dir)
},
};
let kernel = PathBuf::from(res.value_of("k").unwrap().to_string());
let edges = match res.value_of("edges") {
@ -142,7 +157,7 @@ pub fn main() {
let snapshot = PathBuf::from(res.value_of("snapshot").unwrap().to_string());
fuzz(in_dir, kernel, edges, snapshot)
fuzz(seed, kernel, edges, snapshot)
.expect("An error occurred while fuzzing");
}
@ -161,7 +176,7 @@ fn virt2phys(vaddr : u64, tab : &goblin::elf::Elf) -> u64 {
/// The actual fuzzer
fn fuzz(
seed_dir: PathBuf,
seed: Either<String,PathBuf>,
kernel: PathBuf,
dump_edges: Option<PathBuf>,
snapshot: PathBuf,
@ -317,10 +332,30 @@ fn fuzz(
&mut state,
&mut mgr,
)?;
let firstinput = match seed_dir.clone().is_dir() {
true => seed_dir.clone().read_dir().expect("Directory not a directory?").next().expect("Directory empty?").expect("File not in directory?").path(),
false => seed_dir.clone()
};
match seed {
Right(pb) => {
if state.corpus().count() < 1 {
state
.load_initial_inputs(&mut fuzzer, &mut executor, &mut mgr, &[pb.clone()])
.unwrap_or_else(|_| {
println!("Failed to load initial corpus at {:?}", &pb);
return;
});
println!("We imported {} inputs from disk.", state.corpus().count());
}
fuzzer
.fuzz_one(&mut tuple_list!(StdMutationalStage::new(BitFlipMutator::new())), &mut executor, &mut state, &mut mgr)
.expect("Error in the fuzzing loop");
},
Left(s) => {
fuzzer.evaluate_input(&mut state, &mut executor, &mut mgr, BytesInput::new(s.as_bytes().to_vec())).expect("Evaluation failed");
}
}
// let firstinput = match seed.clone().is_dir() {
// true => seed.clone().read_dir().expect("Directory not a directory?").next().expect("Directory empty?").expect("File not in directory?").path(),
// false => seed.clone()
// };
// let secondinput = match seed_dir.clone().is_dir() {
// true => {
// let mut a = seed_dir.clone().read_dir().expect("Directory not a directory?");
@ -329,20 +364,7 @@ fn fuzz(
// },
// false => seed_dir.clone()
// };
fuzzer.evaluate_input(&mut state, &mut executor, &mut mgr, Input::from_file(&firstinput).expect("Could not load file")).expect("Evaluation failed");
// fuzzer.evaluate_input(&mut state, &mut executor, &mut mgr, Input::from_file(&secondinput).expect("Could not load file")).expect("Evaluation failed");
// println!("Nach Eval");
// if state.corpus().count() < 1 {
// state
// .load_initial_inputs(&mut fuzzer, &mut executor, &mut mgr, &[seed_dir.clone()])
// .unwrap_or_else(|_| {
// println!("Failed to load initial corpus at {:?}", &seed_dir);
// return;
// });
// println!("We imported {} inputs from disk.", state.corpus().count());
// }
// fuzzer
// .fuzz_one(&mut tuple_list!(StdMutationalStage::new(BitFlipMutator::new())), &mut executor, &mut state, &mut mgr)
// .expect("Error in the fuzzing loop");
return Ok(());
}
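Review bot: In the `@ -317,10 +332,30 @@` hunk the `return;` inside the `unwrap_or_else` closure after `load_initial_inputs` only leaves the closure, so when the initial corpus fails to load the function carries on into `fuzz_one` with an empty corpus and the original error is thrown away by the `|_|` pattern. Since `fuzz` already propagates errors with `?` (the `)?;` at the top of the hunk) and finishes with `return Ok(())`, the four `unwrap_or_else` lines can become `.map_err(|e| { println!("Failed to load initial corpus at {:?}: {:?}", &pb, e); e })?;`, assuming that error type converts into `fuzz`'s return error the same way the existing `?` does. The `Left(s)` branch feeds the `--libafl-single` value itself to the target as raw bytes rather than treating it as a file path, which the option name does not make obvious, so the `Arg::new("single")` in the `@ -95,6 +99,11 @@` hunk should carry `.help("Evaluate this literal string as a single input instead of loading a corpus from the input directory")`. `fuzz` begins and the surrounding setup lives outside the hunk.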